dvi: Mitigate command injection attacks by quoting filename

With commit 1fcca0b8041de0d6074d7e17fba174da36c65f99 came a DVI backend.
It exports to PDF via the dvipdfm tool.
It calls that tool with the filename of the currently loaded document.
If that filename is cleverly crafted, it can escape the currently
used manual quoting of the filename.  Instead of manually quoting the
filename, we use g_shell_quote.

https://bugzilla.gnome.org/show_bug.cgi?id=784947

origin commit:
https://git.gnome.org/browse/evince/commit/?id=350404c

0 files changed, 0 insertions, 0 deletions